Re: Working Within the System

From: Michael S. Lorrey (retroman@turbont.net)
Date: Sun Apr 30 2000 - 18:30:43 MDT


Matt Gingell wrote:
>
> On Sun, 30 Apr 2000, Michael S. Lorrey wrote:
>
> >Additionally, there is no problem with making a runtime that disallows
> >(or allows the user to disallow) certain types of system functions, just
> >as Java does. So the only security hole is due to the release of an
> >unready implementation. That is a typical Microsoft fault, premature
> >releasing things. I'm sure that many of those suffering from Bill-envy
> >will extend that failure to his personal life.
>
> It's quite a bit deeper than that. The ActiveX security philosophy is based on
> authentication certificates - you trust the program because you know who the
> author was. In Java, you trust the program because it runs in an emulated sand
> box and can not possibly do things the vm won't let it do.
>
> What an ActiveX program can do isn't a function of the ActiveX runtime, it's a
> function of what the operating system does when an executable program accesses
> one of the kernel interfaces. So far as I know, there's no system in Win95
> for running programs with some particular set of privileges. Making ActiveX
> programs as safe and flexible as Java programs would require a substantial
> amount of operating system support, and it's a bit misleading to suggest 'the
> only security hole is due to the release of an unready implementation.'
>

Windows is not incapable of priviledge levels or access restrictions. It
is merely installed by the typical user without any. That is a matter of
laziness rather than lack of capability. Any proper and secure ActiveX
installation should allow you to set up such security (which would also
alleviate a lot of the other security holes typical of windows use to
access the internet.)

However, lets say you create a runtime to run ActiveX on a linux/unix
environment. Because that environment specifically allows priviledge
levels and access restrictions, you can build this capability into the
runtime, such that it can interpret an ActiveX applet as being a user,
group, or world level of access, and ban root from executing ActiveX.



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:28:19 MST